Polish gh-9597
This commit is contained in:
Steve Riesenberg
parent
c57fc309c2
commit
d37ff18b69
|
|
@ -21,7 +21,6 @@ import java.util.List;
|
|||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
|
|
@ -91,11 +90,6 @@ public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
if (trustResolver != null) {
|
||||
this.securityContextRequestFilter.setTrustResolver(trustResolver);
|
||||
}
|
||||
AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = http
|
||||
.getSharedObject(AuthenticationDetailsSource.class);
|
||||
if (authenticationDetailsSource != null) {
|
||||
this.securityContextRequestFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
||||
}
|
||||
ApplicationContext context = http.getSharedObject(ApplicationContext.class);
|
||||
if (context != null) {
|
||||
String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
|
||||
|
|
|
|||
|
|
@ -30,7 +30,6 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
|
|
@ -150,15 +149,6 @@ public class ServletApiConfigurerTests {
|
|||
verify(SharedTrustResolverConfig.TR, atLeastOnce()).isAnonymous(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenSharedObjectAuthenticationDetailsSourceThenAuthenticationDetailsSourceUsed() {
|
||||
this.spring.register(SharedAuthenticationDetailsSourceConfig.class).autowire();
|
||||
SecurityContextHolderAwareRequestFilter scaFilter = getFilter(SecurityContextHolderAwareRequestFilter.class);
|
||||
AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = getFieldValue(scaFilter,
|
||||
"authenticationDetailsSource");
|
||||
assertThat(authenticationDetailsSource).isEqualTo(SharedAuthenticationDetailsSourceConfig.ADS);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception {
|
||||
this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire();
|
||||
|
|
@ -331,22 +321,6 @@ public class ServletApiConfigurerTests {
|
|||
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class SharedAuthenticationDetailsSourceConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
static AuthenticationDetailsSource<HttpServletRequest, ?> ADS = spy(AuthenticationDetailsSource.class);
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) {
|
||||
// @formatter:off
|
||||
http
|
||||
.setSharedObject(AuthenticationDetailsSource.class, ADS);
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class ServletApiWithDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
|
|||
|
||||
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
|
||||
|
||||
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
|
||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||
|
||||
|
|
@ -162,18 +162,6 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
|
|||
this.trustResolver = trustResolver;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the {@link AuthenticationDetailsSource} to be used. The default is
|
||||
* {@link WebAuthenticationDetailsSource}.
|
||||
* @param authenticationDetailsSource the {@link AuthenticationDetailsSource} to use.
|
||||
* Cannot be null.
|
||||
*/
|
||||
void setAuthenticationDetailsSource(
|
||||
AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
|
||||
Assert.notNull(authenticationDetailsSource, "authenticationDetailsSource cannot be null");
|
||||
this.authenticationDetailsSource = authenticationDetailsSource;
|
||||
}
|
||||
|
||||
@Override
|
||||
public HttpServletRequest create(HttpServletRequest request, HttpServletResponse response) {
|
||||
return new Servlet3SecurityContextHolderAwareRequestWrapper(request, this.rolePrefix, response);
|
||||
|
|
|
|||
|
|
@ -27,14 +27,12 @@ import jakarta.servlet.ServletResponse;
|
|||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.web.filter.GenericFilterBean;
|
||||
|
|
@ -82,8 +80,6 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
|
|||
|
||||
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
|
||||
|
||||
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
|
||||
|
||||
public void setRolePrefix(String rolePrefix) {
|
||||
Assert.notNull(rolePrefix, "Role prefix must not be null");
|
||||
this.rolePrefix = rolePrefix;
|
||||
|
|
@ -176,23 +172,9 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
|
|||
updateFactory();
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the {@link AuthenticationDetailsSource} to be used. The default is
|
||||
* {@link WebAuthenticationDetailsSource}.
|
||||
* @param authenticationDetailsSource the {@link AuthenticationDetailsSource} to use.
|
||||
* Cannot be null.
|
||||
*/
|
||||
public void setAuthenticationDetailsSource(
|
||||
AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
|
||||
Assert.notNull(authenticationDetailsSource, "authenticationDetailsSource cannot be null");
|
||||
this.authenticationDetailsSource = authenticationDetailsSource;
|
||||
updateFactory();
|
||||
}
|
||||
|
||||
private HttpServletRequestFactory createServlet3Factory(String rolePrefix) {
|
||||
HttpServlet3RequestFactory factory = new HttpServlet3RequestFactory(rolePrefix);
|
||||
factory.setTrustResolver(this.trustResolver);
|
||||
factory.setAuthenticationDetailsSource(this.authenticationDetailsSource);
|
||||
factory.setAuthenticationEntryPoint(this.authenticationEntryPoint);
|
||||
factory.setAuthenticationManager(this.authenticationManager);
|
||||
factory.setLogoutHandlers(this.logoutHandlers);
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
* Copyright 2004, 2005, 2006, 2021 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -36,6 +36,7 @@ import org.mockito.junit.jupiter.MockitoExtension;
|
|||
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
|
|
@ -45,12 +46,14 @@ import org.springframework.security.core.AuthenticationException;
|
|||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetails;
|
||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.anyBoolean;
|
||||
import static org.mockito.ArgumentMatchers.anyString;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
|
|
@ -59,6 +62,7 @@ import static org.mockito.Mockito.mock;
|
|||
import static org.mockito.Mockito.times;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyZeroInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* Tests {@link SecurityContextHolderAwareRequestFilter}.
|
||||
|
|
@ -217,6 +221,27 @@ public class SecurityContextHolderAwareRequestFilterTests {
|
|||
verifyZeroInteractions(this.authenticationEntryPoint, this.authenticationManager, this.logoutHandler);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenHttpServletRequestHasAuthenticationDetailsThenAuthenticationRequestHasDetails()
|
||||
throws Exception {
|
||||
String ipAddress = "10.0.0.100";
|
||||
String sessionId = "session-id";
|
||||
when(this.request.getRemoteAddr()).thenReturn(ipAddress);
|
||||
when(this.request.getSession(anyBoolean())).thenReturn(new MockHttpSession(null, sessionId));
|
||||
wrappedRequest().login("username", "password");
|
||||
|
||||
ArgumentCaptor<UsernamePasswordAuthenticationToken> authenticationCaptor = ArgumentCaptor
|
||||
.forClass(UsernamePasswordAuthenticationToken.class);
|
||||
verify(this.authenticationManager).authenticate(authenticationCaptor.capture());
|
||||
|
||||
UsernamePasswordAuthenticationToken authenticationRequest = authenticationCaptor.getValue();
|
||||
assertThat(authenticationRequest.getDetails()).isInstanceOf(WebAuthenticationDetails.class);
|
||||
|
||||
WebAuthenticationDetails details = (WebAuthenticationDetails) authenticationRequest.getDetails();
|
||||
assertThat(details.getRemoteAddress()).isEqualTo(ipAddress);
|
||||
assertThat(details.getSessionId()).isEqualTo(sessionId);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void logout() throws Exception {
|
||||
TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password", "ROLE_USER");
|
||||
|
|
|
|||
Loading…
Reference in New Issue